Network system, machine allocation device and machine allocation method

ABSTRACT

There is provided a load distribution function that enables an application of a user to be freely allocated to a machine even if an address of a terminal or the application used by the user is duplicated between VPNs for each user. An access detector of a machine allocation device detects a start packet from received communication packets, and determines the type of the start packet and the type of the application used by the terminal. A machine allocation manager determines a machine on which the determined application operates, and operates the machine. A network manager configures a user virtual network on a second virtual network between the determined machine and the machine allocation device.

CLAIM OF PRIORITY

This is a continuation of U.S. application Ser. No. 13/369,553, filedFeb. 9, 2012 which claims priority from Japanese patent application JP2011-078835 filed on Mar. 31, 2011, the content of all of theseapplication is hereby incorporated by reference into this application.

BACKGROUND

The present invention relates to a network system, a machine allocationdevice, and a machine allocation method. In particular, the presentinvention relates to a load distribution technique for a machine (acomputer, a computing machinery) where a machine on which an applicationused by a user operates is allocated from plural machines, and moreparticularly to a machine allocation technique in which an applicationon a machine which is arranged in a data center or the like is used froma user's home such as a standard home over a wide area virtual privatenetwork (VPN).

In recent years, with an increase in the use of portable videoreproduction or music reproduction terminals, or network compatibletelevisions, in user sides such as a user's home such as a standardhome, outdoors, or public facilities, contents such as videos, music, ordocument files are available by any terminal at any point. Thus, inorder to make the contents available by any terminal anywhere, there isa need to install a distribution server that holds and distributes thecontents. Usually, in the use in the standard home, a network within thehome, that is, a home area network (HAN) is connected with the terminaland the distribution server. In recent years, there is a device that canreceive the distribution of the contents from the distribution serverwithin the home from a place other than the home over the Internet. Thedistribution sever of this type is exemplified by a media distributionserver standard “digital living network alliance (DLNA)” and “commoninternet file system (CIFS)” of a file server. However, when the contentdistribution server is installed in the user's home as described above,there arise the following problems. That is, an expert knowledge of anetwork server is required to configure the HAN or the distributionserver, thereby making such a configuration difficult. There is a needto increase the number of distribution servers every time a storagecapacity for holding the contents becomes short. There is a need toinstall the distribution server for each service. A user must deal witha failure of the distribution server. In order to solve the aboveproblems, in the future, there is being used a service that is so-called“cloud service” which is distributed to the user terminals over a widearea network such as the Internet in which the distribution server isnot installed within the home, but installed within a center(hereinafter also called “data center”) which is operated by a serviceprovider such as a communication carrier or a content provider. When thedistribution server is thus installed in the data center, since theservice provider configures the distribution server and deals with thefailure of the distribution server, the user can easily use thedistribution server even if the user has no expert knowledge. Also,because an increase in the storage capacity and service variation can bedealt with by addition of the device on the data center side, the usercan use the service upon merely requesting the service. The internet isconceivable as a network for connecting the data center and the home.However, in order to realize the same usability as that of the networkHAN within the home of the user, there is a need to configure layer2-virtual private network (L2-VPN) which is a user dedicated identicalinternet protocol (IP) domain between the data center and the home. As atechnique for configuring such an L2-VPN in the wide area, there areprovider backbone bridging (PBB), virtual private LAN service (VPLS),and security architecture for internet protocol (IPsec).

The Ethernet (registered trademark) based wide area network of this typeis disclosed in U.S. Pat. No. 7,307,990 B2, “SHARD COMMUNICATIONSNETWORK EMPLOYING VIRTUAL-PRIVATE-NETWORK IDENTIFIERS”.

SUMMARY

As described above, when a machine installed in the data center is usedfrom a user terminal within a distant home, if one machine is providedfor each application used by a user, the machines of (the number ofusers)×(the number of applications) are required. This makes enormousdevice costs incurred by the service provider that operates the datacenter, and operation costs of the device. Accordingly, there is a needto aggregate plural users and applications in one machine to reduce thecosts.

The present inventors have found that there arise the following problemsin order to aggregate the plural users and applications in one machinewhen the machine installed in the data center is used from the userterminal within the distant home as described above. In order to providethe applications to the users on a scale of several thousands, pluralmachines are normally configured within the data center. In order toefficiently use the plural machines, the applications of the users arenot fixedly allocated to the machines, but need to be freely allocatedfor load distribution. However, as described above, because the usercommunicates with the machine within the data center by the L2-VPNindependent for each user, the allocation of the machines among theplural L2-VPNs is problematic. Also, because the user can freelydesignate an IP address to the distribution server that operates on themachine as a device disposed within the HAN, there is a possibility thatthe IP address of the server on the machine is duplicated between theusers. The allocation of the machine when the IP address is duplicatedis problematic. Also, because it is conceivable that the serviceprovider provides plural services to the user, that the service providermust deal with the plural services such as a media server or a fileserver is problematic. In a related art load distribution device,because the load distribution can be conducted only among the pluralmachines within the same IP domain, the above problems cannot be solved.

The related art load distribution device of this type is disclosed in “aserver load distribution method, a load distribution system, and a loaddistribution device and a server which are used in the system” ofJP-A-2005-10983.

In the above description, the content distribution server isexemplified. However, the same problems arise in a case where theservice provided by the machine installed in the data center is usedfrom a distant place over the network. There are other cases in which anelectricity meter installed within the home uses an electricity metercontrol server disposed in the data center, and a sensor or a cameradisposed on a telephone pole facing a road uses a sensor/camera controlserver disposed in the data center.

The present invention has been made in view of the above circumstances,and therefore aims at providing a load distribution function thatenables an application of a user to be freely allocated to a machine ina network system where an address such as an IP address of a terminal orthe application used by the user is duplicated between VPNs such asL2-VPNs for each user.

The other objects and novel features of the present invention willbecome from the description of the present specification and theattached drawings.

In order to solve the above problem, according to one aspect of thepresent invention, there is provided a network system having a machineallocation device described below. That is, there is provided a networksystem having a machine allocation device which is connected to a firstvirtual network configuring a virtual network for each user whichconnects a terminal of a user, and a second virtual network configuringa virtual network for each user which connects plural machines on whichan application used from the terminal by the user operates, wherein inthe machine allocation device,

a transfer processor that relays a communication packet of the userbetween the first virtual network and the second virtual networkincludes a packet detector that detects the communication packettransmitted from the terminal and received over the first virtualnetwork when the user starts to use the terminal,

an access detector includes a start packet detection/type determinationunit that analyzes data of the received communication packet, detects astart packet transmitted when the terminal starts, and determines a typeof the start packet and a type of the application used by the terminal,and user service information including at least information of a type ofthe application allocatable for each user and an operation state of theapplication,

a machine allocation manager includes a machine allocation determinationunit that determines the machine on which the determined applicationoperates, a machine controller that allows the application to operate onthe determined machine, and machine allocation information including atleast information indicative of the machine on which the applicationprovided to the user operates, and

a network manager includes a second virtual network controller thatconfigures the virtual network for the user on the second virtualnetwork between the determined machine and the machine allocationdevice.

Also, according to another aspect of the present invention, there isprovided a machine allocation method for a machine allocation devicedescribed below. That is, there is provided a machine allocation methodfor a machine allocation device which is connected to a first virtualnetwork configuring a virtual network for each user which connects aterminal of a user, and a second virtual network configuring a virtualnetwork for each user which connects plural machines on which anapplication used from the terminal by the user operates, wherein whenthe user does not use the terminal, the application used by the terminaldoes not operate on the machine, and when the user starts to use theterminal, the machine allocation method includes the steps of:

detecting a communication packet transmitted from the terminal andreceived over the first virtual network,

determining a type of the application used by the user according toinformation on the detected communication packet,

determining the machine on which the determined application operatesfrom the plural machines,

configuring the virtual network for the user on the second virtualnetwork between the determined machine and the machine allocationdevice,

operating the application on the machine, and

relaying and transferring the communication packet of the user betweenthe first virtual network and the second virtual network.

As described above, because the machine on which the applicationoperates is allocated to the user in the system extending over pluralVPNs such as the L2-VPNs where the IP addresses are duplicated, themachine is dynamically allocated when the user uses the application, anda user dedicated virtual network within a data center is dynamicallyconfigured for connecting the machine to which the application isallocated and the terminal of the user. With the above configuration,the above problem can be solved.

According to the first solving means of the present invention, there isprovided a network system having a first virtual network configuring avirtual network for each user which is connected to a terminal of theuser, a plurality of machines on which applications to be used from theterminal by the user operate, and a second virtual network configuring avirtual network for each user which is connected to the plurality ofmachines, the network system comprising:

a machine allocation device that is connected to the first virtualnetwork and the second virtual network, wherein

the machine allocation device includes:

a transfer processor that relays communication packets of the userbetween the first virtual network and the second virtual network;

an access detector that detects an access from the user;

a machine allocation manager that determines any one of the plurality ofmachines;

a network manager that manages the network;

a user service information storage unit that stores user serviceinformation including a service state indicative of an operating stateof each application and a second virtual network identificationinformation indicative of an identifier of each user over the secondvirtual network, in correspondence with a preset first virtual networkidentifier indicative of the identifier of the user over the firstvirtual network, a preset service identifier for identifying eachapplication providing a service to the user, and a preset service typeindicative of each allocatable application;

a machine allocation information storage unit that stores machineallocation information including a virtual machine identifier foridentifying a virtual machine on which the application operates and aservice identifier for identifying the application that operates on thevirtual machine, in correspondence with a preset machine identifier;

a relay information storage unit that stores relay information includingan identification information on a second virtual network side, incorrespondence with an identification information on a first virtualnetwork side; and

a second virtual network information storage unit that stores the secondvirtual network identification information configuring a user virtualnetwork over the second virtual network between the machine and themachine allocation device,

wherein

the transfer processor detects a communication packet transmitted fromthe terminal and received through the first virtual network,

the access detector detects a start packet to be sent when starting theterminal from the received communication packet, determines the firstvirtual network identifier and the service type indicative of theapplication to be used by the terminal according to information on thecommunication packet and the start packet, and obtains the service stateon the basis of the first virtual network identifier and the servicetype with reference to the user service information,

when the service state is non-allocated or stopping,

the machine allocation manager determines the machine on which thedetermined application operates according to a predetermined procedure,and specifies the virtual machine on the determined machine,

the network manager obtains non-allocated virtual network identificationinformation in one or a plurality of entries indicative of a connectionbetween the determined machine and the machine allocation device, withreference to the second virtual network information,

the network manager adds the virtual network identification informationto the one or the plurality of entries of the second virtual networkinformation or another entry of the second virtual network information,and updates the virtual network identification information to configurethe user virtual network on the second virtual network,

the machine allocation manager starts the specified virtual machine onthe machine, and operates the application,

the machine allocation manager sets the virtual network identificationinformation to the identification information on the second virtualnetwork side corresponding to the first virtual network identifier withrespect to the relay information and, for an entry corresponding to thefirst virtual network identifier and the service type with respect tothe user service information, sets the service state to be allocated orto be operating and sets the virtual network identification informationto the second network identifier, and sets the virtual machineidentifier of the started virtual machine and the service identifierwith respect to the machine allocation information, and

the transfer processor transfers the communication packet of the userbetween the first virtual network and the second virtual network on thebasis of the relay information.

According to the second solving means of the present invention, there isprovided a machine allocation device that is connected to a firstvirtual network and a second virtual network in a network system havingthe first virtual network configuring a virtual network for each userwhich is connected to a terminal of the user, a plurality of machines onwhich applications to be used from the terminal by the user operate, andthe second virtual network configuring a virtual network for each userwhich is connected to the plurality of machines,

the machine allocation device includes:

a transfer processor that relays communication packets of the userbetween the first virtual network and the second virtual network;

an access detector that detects an access from the user;

a machine allocation manager that determines any one of the plurality ofmachines;

a network manager that manages the network;

a user service information storage unit that stores user serviceinformation including a service state indicative of an operating stateof each application and a second virtual network identificationinformation indicative of an identifier of each user over the secondvirtual network, in correspondence with a preset first virtual networkidentifier indicative of the identifier of the user over the firstvirtual network, a preset service identifier for identifying eachapplication providing a service to the user, and a preset service typeindicative of each allocatable application;

a machine allocation information storage unit that stores machineallocation information including a virtual machine identifier foridentifying a virtual machine on which the application operates and aservice identifier for identifying the application that operates on thevirtual machine, in correspondence with a preset machine identifier;

a relay information storage unit that stores relay information includingan identification information on a second virtual network side, incorrespondence with an identification information on a first virtualnetwork side; and

a second virtual network information storage unit that stores the secondvirtual network identification information configuring a user virtualnetwork over the second virtual network between the machine and themachine allocation device,

wherein

the transfer processor detects a communication packet transmitted fromthe terminal and received through the first virtual network,

the access detector detects a start packet to be sent when starting theterminal from the received communication packet, determines the firstvirtual network identifier and the service type indicative of theapplication to be used by the terminal according to information on thecommunication packet and the start packet, and obtains the service stateon the basis of the first virtual network identifier and the servicetype with reference to the user service information,

when the service state is non-allocated or stopping,

the machine allocation manager determines the machine on which thedetermined application operates according to a predetermined procedure,and specifies the virtual machine on the determined machine,

the network manager obtains non-allocated virtual network identificationinformation in one or a plurality of entries indicative of a connectionbetween the determined machine and the machine allocation device, withreference to the second virtual network information,

the network manager adds the virtual network identification informationto the one or the plurality of entries of the second virtual networkinformation or another entry of the second virtual network information,and updates the virtual network identification information to configurethe user virtual network on the second virtual network,

the machine allocation manager starts the specified virtual machine onthe machine, and operates the application,

the machine allocation manager sets the virtual network identificationinformation to the identification information on the second virtualnetwork side corresponding to the first virtual network identifier withrespect to the relay information and, for an entry corresponding to thefirst virtual network identifier and the service type with respect tothe user service information, sets the service state to be allocated orto be operating and sets the virtual network identification informationto the second network identifier, and sets the virtual machineidentifier of the started virtual machine and the service identifierwith respect to the machine allocation information, and

the transfer processor transfers the communication packet of the userbetween the first virtual network and the second virtual network on thebasis of the relay information.

According to the third solving means of the present invention, there isprovided a machine allocation method for a machine allocation devicethat is connected to a first virtual network and a second virtualnetwork in a network system having the first virtual network configuringa virtual network for each user which is connected to a terminal of theuser, a plurality of machines on which applications to be used from theterminal by the user operate, and the second virtual network configuringa virtual network for each user which is connected to the plurality ofmachines,

wherein

the machine allocation device includes:

a transfer processor that relays communication packets of the userbetween the first virtual network and the second virtual network;

an access detector that detects an access from the user;

a machine allocation manager that determines any one of the plurality ofmachines;

a network manager that manages the network;

a user service information storage unit that stores user serviceinformation including a service state indicative of an operating stateof each application and a second virtual network identificationinformation indicative of an identifier of each user over the secondvirtual network, in correspondence with a preset first virtual networkidentifier indicative of the identifier of the user over the firstvirtual network, a preset service identifier for identifying eachapplication providing a service to the user, and a preset service typeindicative of each allocatable application;

a machine allocation information storage unit that stores machineallocation information including a virtual machine identifier foridentifying a virtual machine on which the application operates and aservice identifier for identifying the application that operates on thevirtual machine, in correspondence with a preset machine identifier;

a relay information storage unit that stores relay information includingan identification information on a second virtual network side, incorrespondence with an identification information on a first virtualnetwork side; and

a second virtual network information storage unit that stores the secondvirtual network identification information configuring a user virtualnetwork over the second virtual network between the machine and themachine allocation device,

wherein

the transfer processor detects a communication packet transmitted fromthe terminal and received through the first virtual network,

the access detector detects a start packet to be sent when starting theterminal from the received communication packet, determines the firstvirtual network identifier and the service type indicative of theapplication to be used by the terminal according to information on thecommunication packet and the start packet, and obtains the service stateon the basis of the first virtual network identifier and the servicetype with reference to the user service information,

when the service state is non-allocated or stopping,

the machine allocation manager determines the machine on which thedetermined application operates according to a predetermined procedure,and specifies the virtual machine on the determined machine,

the network manager obtains non-allocated virtual network identificationinformation in one or a plurality of entries indicative of a connectionbetween the determined machine and the machine allocation device, withreference to the second virtual network information,

the network manager adds the virtual network identification informationto the one or the plurality of entries of the second virtual networkinformation or another entry of the second virtual network information,and updates the virtual network identification information to configurethe user virtual network on the second virtual network,

the machine allocation manager starts the specified virtual machine onthe machine, and operates the application,

the machine allocation manager sets the virtual network identificationinformation to the identification information on the second virtualnetwork side corresponding to the first virtual network identifier withrespect to the relay information and, for an entry corresponding to thefirst virtual network identifier and the service type with respect tothe user service information, sets the service state to be allocated orto be operating and sets the virtual network identification informationto the second network identifier, and sets the virtual machineidentifier of the started virtual machine and the service identifierwith respect to the machine allocation information, and

the transfer processor transfers the communication packet of the userbetween the first virtual network and the second virtual network on thebasis of the relay information.

The advantages obtained by the typical features of the present inventiondisclosed in the present application will be described in brief below.

(1) Because the machine can be allocated to the user over the virtualnetwork allocated to each user, the allocation of the user to themachine can be more flexibly conducted than the allocation of themachine to the user within the virtual network. As a result, the machinecan be efficiently used, resulting in a reduction in the number ofmachines.

(2) Because a server storage that holds the content used by the userwithin the home can be deployed on the data center side, a copyrightprotection policy for the content can be centrally controlled.

These and other benefits are described throughout the presentspecification. A further understanding of the nature and advantages ofthe invention may be realized by reference to the remaining portions ofthe specification and the attached drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram illustrating a system configuration according to afirst embodiment;

FIG. 2 is an illustrative view illustrating an example in which a user Buses a service according to the first embodiment;

FIG. 3 is a diagram illustrating a physical configuration of a systemaccording to the first embodiment;

FIG. 4 is a block diagram illustrating a configuration of a machineallocation device according to the first embodiment;

FIG. 5 is an illustrative view illustrating a system configurationbefore the user B starts to use the service according to the firstembodiment;

FIG. 6 is an illustrative view illustrating a system configuration afterthe user B starts to use the service according to the first embodiment;

FIG. 7 is an illustrative view illustrating an example of a format of acommunication packet of a virtual network 1 according to the firstembodiment;

FIG. 8 is an illustrative view illustrating an example of a format of acommunication packet of a virtual network 2 according to the firstembodiment;

FIG. 9 is an illustrative view illustrating an example of user serviceinformation held by the machine allocation device according to the firstembodiment;

FIG. 10 is an illustrative view illustrating an example of machineallocation information held by the machine allocation device accordingto the first embodiment;

FIG. 11 is an illustrative view illustrating an example of machineinformation held by the machine allocation device according to the firstembodiment;

FIG. 12 is an illustrative view illustrating an example of informationon the virtual network 2 held by the machine allocation device accordingto the first embodiment;

FIG. 13 is a flowchart illustrating an example of an allocation methodof a machine when a user device starts according to the firstembodiment;

FIG. 14 is a flowchart illustrating an example of a resource releasemethod of the machine and the virtual network when the user terminatesthe use of an application according to the first embodiment;

FIG. 15 is an illustrative view illustrating an example of a format of astart packet according to the first embodiment;

FIG. 16 is an illustrative view illustrating an example of a physicalnetwork topology of the virtual network 2 according to the firstembodiment;

FIG. 17 is an illustrative view illustrating an example of relayinformation between the virtual networks according to the firstembodiment;

FIG. 18 is an illustrative view illustrating one example of a method ofstarting a virtual machine according to the first embodiment;

FIG. 19 is an illustrative view illustrating another example of themethod of starting the virtual machine according to the firstembodiment;

FIG. 20 is an illustrative view illustrating an example of a format of acommunication packet of a virtual network 2 according to a secondembodiment;

FIG. 21 is an illustrative view illustrating an example of informationon the virtual network 2 held by a machine allocation device accordingto the second embodiment;

FIG. 22 is an illustrative view illustrating an example of a physicalnetwork topology of the virtual network 2 according to the secondembodiment;

FIG. 23 is an illustrative view illustrating an example of relayinformation between the virtual networks according to the secondembodiment;

FIG. 24 is an illustrative view illustrating an example of user serviceinformation held by a machine allocation device according to a thirdembodiment;

FIG. 25 is an illustrative view illustrating an example of theconfiguration of a virtual network 1 according to the third embodiment;

FIG. 26 is an illustrative view illustrating an example of relayinformation between the virtual networks according to the thirdembodiment;

FIG. 27 is an illustrative view illustrating an example of machineinformation held by a machine allocation device according to a fourthembodiment;

FIG. 28 is an illustrative view illustrating an example of informationon the virtual network 2 held by the machine allocation device;

FIG. 29 is an illustrative view illustrating an example of user serviceinformation held by a machine allocation device according to a sixthembodiment;

FIG. 30 is an illustrative view illustrating one example of a method ofstarting an application according to a seventh embodiment;

FIG. 31 is an illustrative view illustrating another example of themethod of starting the application according to the seventh embodiment;

FIG. 32 is an illustrative view illustrating an example in which a userB uses a service according to an eighth embodiment;

FIG. 33 is an illustrative view illustrating an example in which a userB uses a service according to a ninth embodiment;

FIG. 34 is a block diagram illustrating a configuration of a machineallocation device according to a tenth embodiment;

FIG. 35 is an illustrative view illustrating an example of a controlinterface between devices according to the tenth embodiment;

FIG. 36 is a block diagram illustrating a configuration of a machineallocation device according to an eleventh embodiment;

FIG. 37 is an illustrative view illustrating an example of a controlinterface between devices according to the eleventh embodiment;

FIG. 38 is an illustrative view illustrating an example of a graphicalinterface of a machine allocation device according to a twelfthembodiment;

FIG. 39 is an illustrative view illustrating an example of informationon the virtual network 2 (after updated) held by the machine allocationdevice according to the first embodiment;

FIG. 40 is an illustrative view illustrating an example of the relayinformation (after updated) between the virtual networks according tothe first embodiment;

FIG. 41 is an illustrative view illustrating an example of user serviceinformation (after updated) held by the machine allocation deviceaccording to the first embodiment;

FIG. 42 is an illustrative view illustrating an example of informationon the virtual network 2 (after updated) held by the machine allocationdevice according to the second embodiment;

FIG. 43 is an illustrative view illustrating an example of the relayinformation (after updated) between the virtual networks according tothe second embodiment;

FIG. 44 is an illustrative view illustrating an example of the relayinformation (after updated) between the virtual networks according tothe third embodiment;

FIG. 45 is an illustrative view illustrating an example of machineallocation information (after updated) held by the machine allocationdevice according to the first embodiment;

FIG. 46 is an illustrative view illustrating an example of user serviceinformation held by the machine allocation device according to thesecond embodiment; and

FIG. 47 is an illustrative view illustrating an example of user serviceinformation (after updated) held by the machine allocation deviceaccording to the second embodiment.

DETAILED DESCRIPTION OF THE EMBODIMENTS

Hereinafter, embodiments of the present invention will be described indetail with reference to the accompanying drawings below. In all of thedrawings for illustrating the embodiments, the same members are denotedby identical reference numerals in principle, and their repetitivedescription will be omitted in principle.

A. First Embodiment 1. System

First, a system using a machine allocation device according to a firstembodiment of the present invention will be described. First, adescription will be given of an overall picture of service provision inthe system using the machine allocation device according to the firstembodiment of the present invention with reference to FIGS. 1 to 3. FIG.1 is a diagram illustrating a system configuration according to thefirst embodiment of the present invention, FIG. 2 is an illustrativeview illustrating an example in which a user B uses a service accordingto the first embodiment of the present invention, and FIG. 3 is adiagram illustrating a physical configuration of the system according tothe first embodiment of the present invention. In a system using theservice according to this embodiment, user devices (terminals) 109 inhomes 110 which are user's homes typically use services provided byapplications 108 that operate on machines 106 installed in a data center112 operated by a content provider or a communication carrier provider.

For simplification, FIG. 1 illustrates an example in which users A, B,and C as the users use the services provided by two machines 106. Infact, it is assumed that the number of users and the number of machinesare larger. Also, in FIG. 1, each user uses the service from the home110 of the user. However, if the same configuration is applied, theservice may be used at a location other than the homes 110. For example,the service may be used outdoors using a portable terminal, or used in afacility such as a workplace or a public facility other than the home.Any services are applicable in this embodiment if the services usemachine resources. For example, there are a media server that deliversmusic or video, a file server that saves electronic documents, a tallyserver that tallies power consumption from an electricity meter or anelectric device in home, and a control server that conducts a powercontrol or a charging control of the electric device.

As illustrated in FIG. 2, in an example of the media server, anapplication s (1081) on a data center side is a server “digital mediaserver (DMS)” complying with a standard “Digital Living Network Alliance(DLNA)”. A user B device 1 10921 is a television (TV) corresponding tothe DLNA, that is, a digital media renderer (DMR). A DLNA server 1082 ofthe data center 112 and the user B device 1 (TV) 10921 are connected bya network 201 of a user B dedicated layer 2-virtual private network(L2-VPN). For that reason, the user B can use the DLNA server 1082installed in the distant data center 112 in the same manner as that ofthe server installed in a home 1102. That is, the user can receive adelivery 205 of a video content 203 on the DLNA server 1082 in responseto a request 204 from the user B device 1 (TV) 10921 to receive aservice that allows a video to be displayed on a display 202. This useform is a feature of the service in this embodiment. Because the DLNAserver 1081 of the data center 112 and the user B device 1 (TV) 10921are connected by a network, a network is so configured as to extend overa home network 111, a virtual network 1 (102) which is a wide areanetwork between the home 110 and the data center 112, and a virtualnetwork 2 (104) that is a network within the data center 112.

As illustrated in FIG. 3, a physical configuration of each network willbe described below. The virtual network 1 (102) includes plural corenodes 301 having switches and routers. Edge nodes 303 are arrangedbetween the virtual network 1 (102) and the home networks 111 totransfer communication packets between those two networks. An example ofFIG. 3 illustrates a simple configuration in which the user devices 109are connected to the edge nodes 303. Alternatively, the edge nodes 303and the user devices 109 may be cascade-connected by switches. In thisexample, reference numeral 311 denotes a physical connection between thenodes. On the other hand, the virtual network 2 (104) includes at leastone switch 302, and is connected to the machines 106. In this example,reference numeral 310 denotes a physical connection between theswitches.

The homes 110 is a network separated for each user. The virtual network1 (102) and the virtual network 2 (104) are shared by plural users,thereby configuring a network separated by each user through the virtualnetworks. As illustrated in FIG. 1, the virtual network 1 (102)configures a virtual network 103 for each user, and the virtual network2 (104) configures a virtual network 105 for each user. In the case ofthe media server of the user B, the user B device 1 10921 is connectedto an application a (1081) of a virtual machine 10712 in a machine 1061through a user B home network 1112, a virtual network 1032 of thevirtual network 1 (102), and the virtual network 2 (104). Thus, theL2-VPN network 201 is configured for each user, thereby enabling theallocation of an IP addresses of the same IP segment such as an IPaddress: 192.168.0.100 of the user B device 1 10921 and an IP address:192.168.0.10 of the virtual machine 10721. Also, because the L2-VPN isindependent for each user, as illustrated in FIG. 1, the IP address canbe duplicated between the users, such as the IP address: 192.168.0.10 ofa virtual machine 10711 of the user A, and the IP address: 192.168.0.10of the virtual machine 10721 of the user B. In this example, referencenumeral 121 denotes a logical connection of the virtual network 1 (102),and reference numeral 120 denotes a logical connection of the virtualnetwork 2 (104). Also, in this embodiment, the applications 108 of theplural users are aggregated in each of the machines 106. This is becausewhen the plural applications operate on one machine, the machines areefficiently used to reduce the number of machines, and costs of theservice system are reduced. As a method of operating the pluralapplications separated for each user on one machine, there is a methodusing virtual machines 107 as illustrated in FIG. 1. As the virtualmachine, for example, vSphere made by VMware Inc. has been well known.In the example of FIG. 1, the virtual machines 10711 and 10721 areallocated to the user A, the virtual machine 10712 is allocated to theuser B, and virtual machines 10713 and 10722 are allocated to the userC. Because how to use the applications 108 of the users is irregular, inorder to enhance the use efficiency of the machines, there is a need tochange the applications 108 to be allocated to the machines and theusers according to an operating state of the applications 108. In thisembodiment, a machine allocation device 101 is disposed between thevirtual network 1 (102) and the virtual network 2 (104). When the userdevice 109 in the home 110 of each user starts, and accesses to anyapplication 108 in the data center 112, the machine 106 on which theapplication 108 operates is determined to start the application 108 andconfigure the corresponding virtual network 105 for each user betweenthe application 108 and the machine allocation device 101. With theabove configuration, the machine 106 on which the applications 108 ofeach user operates can be dynamically changed.

2. Machine Allocation Device

A detailed configuration of the machine allocation device 101 will bedescribed with reference to FIGS. 4 to 12. FIG. 4 is a block diagramillustrating a configuration of a machine allocation device according tothe first embodiment of the present invention. FIG. 5 is an illustrativeview illustrating a system configuration before the user B starts to usethe service according to the first embodiment of the present invention.FIG. 6 is an illustrative view illustrating a system configuration afterthe user B starts to use the service according to the first embodimentof the present invention. FIG. 7 is an illustrative view illustrating anexample of a format of a communication packet of the virtual network 1according to the first embodiment of the present invention. FIG. 8 is anillustrative view illustrating an example of a format of a communicationpacket of the virtual network 2 according to the first embodiment of thepresent invention. FIG. 9 is an illustrative view illustrating anexample of user service information held by the machine allocationdevice according to the first embodiment of the present invention. FIG.10 is an illustrative view illustrating an example of machine allocationinformation held by the machine allocation device according to the firstembodiment of the present invention. FIG. 11 is an illustrative viewillustrating an example of machine information held by the machineallocation device according to the first embodiment of the presentinvention. FIG. 12 is an illustrative view illustrating an example ofinformation on the virtual network 2 held by the machine allocationdevice according to the first embodiment of the present invention. Eachof the user service information, the machine allocation information, themachine information, the virtual network 2 information, and relayinformation is stored in an appropriate storage unit, and the storageunit may be provided anywhere.

First, a configuration of the machine allocation device 101 according tothis embodiment will be described with reference to FIG. 4. As describedabove, the machine allocation device 101 is disposed between the virtualnetwork 1 (102) and the virtual network 2 (104), and connects thevirtual network 103 for each user in the virtual network 1 (102) and thevirtual network 105 for each user in the virtual network 2 (104). Also,a management terminal 418 for allowing a manager of the system toconduct an operation management of the machine allocation device 101 isconnected to the machine allocation device 101 through a managementnetwork 419. As illustrated in FIG. 4, the machine allocation device 101includes a transfer processor 401, an access detector 402, a machineallocation manager 403, and a network manager 404.

The transfer processor 401 has a virtual network 1 edge 408 thatterminates the virtual network 1 (102), a virtual network 2 edge 405that terminates the virtual network 2 (104), and a virtual network relayunit 406 that associates the virtual network 103 and the virtual network105 for each user in the respective virtual networks with each other, asa function of transferring communication packets between those twovirtual networks, that is, the virtual network 1 (102) and the virtualnetwork 2 (104).

The virtual network relay unit 406 allows, for example, thecommunication packet of the user A to be transferred between a virtualnetwork 1031 of the virtual network 1 (102) and a virtual network 1051of the virtual network 2 (104). In this embodiment, as a method ofconfiguring the virtual network 1 (102) and the virtual network 2 (104),for example, Provider Backbone Bridging (PBB) can be used for thevirtual network 1 (102), and IEEE802.1Q (Virtual Bridged Local AreaNetworks) can be used for the virtual network 2 (104). In the followingexample, a case using those networks will be mainly described. However,the present invention can use appropriate standards, systems, andtechniques without being limited to the above configuration.

FIG. 7 illustrates a format of the communication packet in the PBB. Asillustrated in FIG. 7, in the PBB, a destination address (DA), a sourceaddress (SA), and a user frame, which are frames of the user, areencapsulated by Ethernet (registered trademark) frames to identify eachuser by any one or both of a backbone VLAN ID (B-VID) and a serviceinstance ID (I-SID). The virtual network 1 edge 408 cancels theencapsulation of the communication packet of the PBB input from thevirtual network 1 (102), and encapsulates the PBB of the communicationpacket output to the virtual network 1 (102).

Also, FIG. 8 illustrates a format of the communication packet inIEEE802.1Q. As illustrated in FIG. 8, in IEEE802.1Q, a VLAN ID (VID) tagis added to the frame of the user. Each user is identified by the VID.The virtual network 2 edge 405 cancels a VLAN tag of the communicationpacket such as IEEE802.1Q input from the virtual network 2 (104), andadds the VLAN tag of the communication packet output to the virtualnetwork 2 (104).

The virtual network relay unit 406 holds a correspondence relationshipbetween user identifiers B-VID and I-SID in the PBB and a useridentifier VID in IEEE802.1Q for each user, and converts user identifierinformation for the communication packet to be transferred. Further, apacket detector 407 has a function of checking the frame of thecommunication packet to be transferred by a wire rate, detecting apacket having a specific data format, and holding the detected packet ina buffer. In this embodiment, the packet detector 407 detects a firstcommunication packet transmitted to the application 108 in the datacenter 112 side by the user device 109 that starts in the home 110 side.For example, in the standard DLNA, the device that starts sends adiscovery packet of a multicast as a protocol for detecting a device ofa communication partner. Accordingly, the packet detector 407 has afunction of detecting the communication packet of a specific IP addressof the multicast. A transport technique used in the virtual network 1(102) and the virtual network 2 (104) may be another technique otherthan the above technique if the VPN for each user can be configured.

The access detector 402 includes a start packet detector 409 thatanalyzes the frame of the communication packet detected by the packetdetector 407, and determines a packet related to the start of the userdevice 109, and a packet type determination/service type determinationunit 410 that determines a type of a start packet, and determines a typeof the service required by the user device 109. The access detector 402holds user service information 411 that is allocation information on theservices provided to the users. As the types of the start packet, thereare Universal Plug and Play (UPnP) used in the above-mentioned DLNA aswell as a dynamic host configuration protocol (DHCP) which is a protocolfor acquiring the IP address, a magic packet used in wake-on-LAN (WOL),and Jini and Bonjour which are bender specific standards. The types ofthe start packet may be standards other than the above standards orservice specific protocols.

FIG. 9 illustrates the user service information 411 in a tabular formT901. The tabular form T901 includes a user identifier K901 foridentifying the user in the service system, a physical port No. K902 ofthe machine allocation device 101 which is connected to the virtualnetwork 103 for each user in the virtual network 1 (102), an identifierK903 for each user in the virtual network 1 (102), an identifier K904 ofa unique service within the system as information of the serviceprovided for the user, a service type K905, a service state K906indicative of whether to start the service, or not, and an identifierK907 for each user in the virtual network 2 (104). In an exampleillustrated in FIG. 9, for example, the user A is A in the useridentifier K901, 1/1 port in the physical port No. K902, and 100 in theidentifier K903 of the virtual network 1031 for each user in the virtualnetwork 1 (102). The identifier K903 for each user is an ID designatedto the B-VID or I-SID of the communication packet of the above-mentionedPBB in FIG. 7. The types K905 of the services allocated to the user Aare an application a (DLNA server), an application b (network attachedstorage (NAS)), and an application c. The identifiers K904 of theservices corresponding to those services are 1-1, 2-1, and 3-1, and theservice states K906 are active (operating), inactive (stopping), andactive (operating). Also, the identifier K907 of the virtual network1051 for each user in the virtual network 1 (102) for connection to theapplication that provides each service is 1 in both of the application aand the application c. The identifier K907 for each user is an IDdesignated to the VID of the above-mentioned communication packet suchas IEEE8020.1Q in FIG. 8. Referring to FIG. 9, the user identifier K901,the physical port No. K902, the identifier K903 for each user in thevirtual network 1 (102), the identifier K904 of the service, and thetype K905 of the service are set in a stage where the user contractswith the service, and set in advance in this embodiment. On the otherhand, the service state K906 and the identifier K907 for each user inthe virtual network 2 (104) are updated when the user starts the use ofthe service or terminates the use of the service. How to update will bedescribed in detail in a machine allocation method that will bedescribed later.

The machine allocation manager 403 includes a machine allocationdetermination unit 412 that determines on which machine 106 theapplication 108 operates when the application 108 that provides theservice is newly allocated to the user, and a machine controller 413that controls the machine on which the application 108 operates. Themachine allocation manager 403 holds machine allocation information 414that is information on the machine 106 allocated to the user, andmachine information 415 that is list information on all of the machines106 for providing the service to the user.

FIG. 10 illustrates the machine allocation information 414 in a tabularform T1001. The tabular form T1001 includes a physical machineidentifier K1001 for identifying the machines 106, a virtual machineidentifier K1002 for identifying the virtual machines 107 for operatingthe applications 108 that provide the services to the users, and anidentifier K1003 of the service of the applications 108 that operate onthe virtual machines 107.

FIG. 11 illustrates the machine allocation information 415 in a tabularform T1101. The tabular form T1101 includes a physical machineidentifier K1101 for identifying the machines 106, a management IPaddress K1102 that manages the operation of the machines 106, an averageload rate K1103 of central processing units (CPUs) of the machines 106,and an identifier K1104 of the virtual machines 107 that operate on themachines 106.

As described above, in this embodiment, each application 108 providingthe service to the user is allowed to operate on the virtual machine107. Referring to FIG. 10, the physical machine identifier K1001 isupdated when adding or deleting the machine 106 with respect to thesystem, and predetermined in this embodiment. On the other hand, thevirtual machine identifier K1002 and the identifier K1003 of the serviceare updated when the user starts the use of the service or terminatesthe use of the service. Also, referring to FIG. 11, the physical machineidentifier K1101 and the management IP address K1102 are updated whenadding or deleting the machine 106 with respect to the system, andpredetermined in this embodiment. On the other hand, the identifierK1104 of the virtual machine 107 is updated when the user starts the useof the service or terminates the use of the service. How to update whenthe user starts the use of the service will be described in detail inthe machine allocation method that will be described later.

The network manager 404 includes a virtual network 2 controller 416 thatgenerates or deletes the virtual network 105 for each user whichconnects the machine allocation device 101 and each machine 106 on thevirtual network 2 (104). The network manager 404 holds virtual network 2information 417 that is configuration information on the switch 302configuring the virtual network 2 (104) and the machine allocationdevice 101.

FIG. 12 illustrates the virtual network 2 information 417 in a tabularform T1201. The tabular form T1201 includes a node identifier K1201 ofthe switch 302 configuring the virtual network 2 (104) and the machineallocation device 101, a port No. K1202 of the node, a connection nodeidentifier K1203 of the switch 302 and the machine allocation device 101which are physically connected to the port, and VID K1204 such asIEEE802.1Q set for the port. Referring to FIG. 12, the node identifierK1201, the port No. K1202, and the connection node identifier K1203 areupdated when adding or deleting the virtual network 2 (104) with respectto the switch 302, or changing the physical connection 310. The nodeidentifier K1201, the port No. K1202, and the connection node identifierK1203 are set in advance in this embodiment. On the other hand, the VIDK1204 such as IEEE802.1Q is updated when the user starts the use of theservice or terminates the use of the service. How to update will bedescribed in detail in the machine allocation method that will bedescribed later.

With the above configuration, the machine allocation device 101efficiently allocates the machines 106 on which the applications 108providing the services to the users operate. For example, in a casewhere the user device 10921 of the user B starts, if the user device10921 is stopping or disconnected to the home network 1112, asillustrated in FIG. 5, the application 1081 providing the service to theuser B does not start, and it is not determined on which machine 106(1061 or 1062) the application 1081 operates. Also, in the network ofthe user B, only the virtual network 1032 is configured in the virtualnetwork 1 (102), and a virtual network 1052 is not configured in thevirtual network 2 (104). This is because the machine 106 on which theapplication 1081 operates is not determined in this stage. On the otherhand, when the user device 10921 of the user B starts and is using theservice of the application 1081, the network is configured asillustrated in FIG. 6. The virtual machine 10721 on which theapplication 1081 operates on the machine 1061, and the virtual network1052 is configured in the virtual network 2 (104) as a network forconnecting the machine 1061 and the machine allocation device 101. In anexample of FIG. 6, the application 1081 operates on the machine 1061,but may operate on another machine 1062 by allocation of the machine bythe machine allocation determination unit 412.

3. Machine Allocation Method

Subsequently, a method in which the machine allocation device 101allocates the machines as illustrated in FIGS. 5 and 6 before and afterthe user device 109 starts will be described with reference to FIGS. 13to 19, 39 to 41, and 45. FIG. 13 is a flowchart illustrating an exampleof the machine allocation method when the user device starts accordingto the first embodiment of the present invention. FIG. 14 is a flowchartillustrating an example of a resource release method of the machine andthe virtual network when the user terminates the use of the applicationaccording to the first embodiment of the present invention. FIG. 15 isan illustrative view illustrating an example of a format of a startpacket according to the first embodiment of the present invention. FIG.16 is an illustrative view illustrating an example of a physical networktopology of the virtual network 2 according to the first embodiment ofthe present invention. FIG. 17 is an illustrative view illustrating anexample of relay information between the virtual networks according tothe first embodiment of the present invention. FIGS. 18 and 19 areillustrative views illustrating examples of a method of starting thevirtual machine according to the first embodiment of the presentinvention. FIG. 39 is an illustrative view illustrating an example ofinformation on the virtual network 2 (after updated) held by the machineallocation device according to the first embodiment of the presentinvention. FIG. 40 is an illustrative view illustrating an example ofthe relay information (after updated) between the virtual networksaccording to the first embodiment of the present invention. FIG. 41 isan illustrative view illustrating an example of user service information(after updated) held by the machine allocation device according to thefirst embodiment of the present invention. FIG. 45 is an illustrativeview illustrating an example of the machine allocation information(after updated) held by the machine allocation device according to thefirst embodiment of the present invention.

First, a description will be given of a method of allocating themachines 106 on which the applications 108 operate when the user devices109 start with reference to FIG. 13. As a specific example, adescription will be given of a case in which the user device 10921 (TV)of the user B illustrated in FIGS. 5 and 6 as described above starts,and receives the service of the application a (DLNA server) 1081.

(Step S1301)

First, the user device 109 within the home 110 of the user starts whenturning on a power supply, returning from a sleep state, or connectingto the home network 111. When the user device 109 starts, acommunication packet for accessing to the application 108 to be used,that is, a so-called start packet is sent from the user device 109. In aspecific example of the user B, Discovery using the UPnP is conductedaccording to a protocol of the standards DLNA, and an advertisementpacket 1501 illustrated in FIG. 15 is sent as the start packet. Asillustrated in FIG. 15, the advertisement packet 1501 is sent to adestination IP address 239.255.255.250 as multicast, and arrives at themachine allocation device 101 through the virtual network 1032 of theuser B (Step S1301). For example, when the virtual network 1 (102)configures the virtual networks 1031, 1032, and 1033 in the format ofthe PBB illustrated in FIG. 7, in the start packet within the virtualnetwork 1032 of the user B includes data in FIG. 15, a user frameportion of FIG. 7 has data of FIG. 15.

(Step S1302)

Subsequently, the packet detector 407 of the machine allocation device101 detects the start packet sent from the user device 109, and notifiesthe access detector 402 of the detected start packet. In the specificexample of the user B, the packet detector 407 checks the packet header,and extracts the start packet (for example, advertisement packet). Inthis example, the packet detector 407 conducts a process of extractingthe communication packet that matches the IP address 239.255.255.250 ofthe advertisement packet 1501. The extracted communication packet isdelivered to the access detector 402, for example, through a buffermemory within the machine allocation device 101 (Step S1302).

(Step S1303)

Then, in the access detector 402 of the machine allocation device 101,the start packet detector 409 analyzes communication packet dataextracted by the packet detector 407, and selects only the communicationpacket that matches the start packet. The packet typedetermination/service type determination unit 410 analyzes informationon the communication packet, and determines the type of the startpacket. The types of the start packet are UPnP, DHCP, WOL, Jini,Bonjour, and a unique protocol as described above. In the specificexample of the user B, the start packet detector 409 extracts datarelated to the start packet from the communication packet data held onthe buffer memory. The packet type determination/service typedetermination unit 410 analyzes data of the advertisement packet 1501 inFIG. 15, and, for example, detects data “HOST:239.255.255.250:1900” ofHTTPMU, and determines the data as the advertisement packet of the UPnP(Step S1303).

(Step S1304)

Subsequently, the packet type determination/service type determinationunit 410 analyzes the information on the communication packet, anddetermines the type of the service required by the user device 109. Inthe specific example of the user B, the packet typedetermination/service type determination unit 410 analyzes the data ofthe advertisement packet 1501 in FIG. 15, and, for example, detects dataof “ST: urn; schemas-upnp-org: device: MediaServer: 1” of the HTTPMU,and determines that MediaServer: 1 level of the standards DLNA, that is,the service (application a (DLNA server)) of the DLNA server whichdelivers the content is required (Step S1304).

(Step S1305)

Then, the packet type determination/service type determination unit 410refers to the service state K906 of the user service information 411,and checks whether the application 108 providing the service determinedin Step S1304 is inactive (stopping), or not. Which user transmits thestart packet is provided by extracting the virtual network 1 identifierof the communication packet including the start packet in the virtualnetwork 1 edge 408. For example, the B-VID or I-SID in FIG. 7corresponds to the virtual network 1 identifier. In the specific exampleof the user B, the virtual network 1 identifier is extracted, and thetype of the service is proved as the service of the DLNA server (in thisexample, application a (DLNA server)) in the determination of StepS1304. Therefore, referring to a line corresponding to the DLNA serverof the information on the user B in the user service information 411illustrated in FIG. 9 corresponding to the determined service, it isfound that the identifier K904 of the service is 1-2, the state K906 ofthe service is inactive (stopping), and the identifier K907 of thevirtual network 2 (104) is NA, that is, non-allocated. In this stage,the virtual network 105 is not allocated to the virtual network 2 (104)for the user and service (Step S1305).

(Step S1306)

If the application 108 corresponding to the start packet is inactive(stopping) in the determination of Step S1305, the packet typedetermination/service type determination unit 410 notifies the machineallocation manager 403 of information necessary to newly start theapplication 108 such as the user identifier, the type of service, andthe virtual network 2 identifier. The information necessary to newlystart the application 108 may appropriately include the identifier ofthe virtual network 1, the service identifier, or the port No. Themachine allocation determination unit 412 determines the machine 106 onwhich the application 108 newly operates, based on the above informationand with reference to the machine information 415. This embodimentemploys a method in which the average load rate K1103 of the CPU foreach machine in the machine information 415 illustrated in FIG. 11 iscompared with each other, and for example, the machine 106 small in theaverage load rate K1103 is selected. The method of selecting the machineis not limited to this method, but may be other methods such as around-robin method of allocating the machines in order, a method ofminimizing the number of machines 106 on which the applications operate,or a method of allocating the machines for each service. In the specificexample of the user B, the average load rate K1103 of the CPU for eachmachine in the machine information 415 illustrated in FIG. 11 is 15% inthe machine 1061 (PS1), and 20% in the machine 1062 (PS2). The machine1061 (PS1) smaller in the average load rate K1103 is selected (StepS1306).

FIG. 45 illustrates the updated machine allocation information 414. Inthe specific example of the user B, the machine 1061 (PS1) is selectedas described above. Further, referring to the machine information 415 orthe machine allocation information 414, the machine allocationdetermination unit 412 determines an unused virtual machine ID sinceoperating virtual machine IDs are 1-1 and 1-3 in the machine 1061 (PS1).In this example, for example, the virtual machine ID is set to 1-2.Also, since the allocation service ID previously obtained is 1-2, anentry setting the virtual machine ID K1002 to 1-2 and the allocationservice ID K1003 to 1-2 is added to a corresponding line of the machineIDK1001 PS1.

(Step S1307)

Subsequently, the virtual network 2 controller 416 of the networkmanager 404 generates the network configuration information on thevirtual network 105 of the user requesting the service between themachine 106 selected in Step S1306 and the machine allocation device101. In this embodiment, since the virtual network 2 (104) configuresthe virtual network 105 for each user by IEEE802.1Q, the virtual network2 controller 416 generates the network configuration information foradding VIDs to the physical ports of the switch 302 configuring thevirtual network 2 (104) and the machine allocation device 101. In thespecific example of the user B, the virtual network 2 controller 416configures the virtual network 1052 between the machine 1061 (PS1)determined in Step S1306 and the machine allocation device 101.

FIG. 16 illustrates a physical network topology of the virtual network 2(104) configured by the virtual network 2 information 417 in FIG. 12. InFIG. 16, reference numeral 1601 denotes physical network interface cards(NICs), reference numeral 1602 is virtual machine monitors (VMMs) thatprovide virtual machine functions, reference numeral 1603 is virtualnetwork interface cards (NICs) allocated to the virtual machines 107provided by the VMMs (1602), and reference numeral 1605 is physicalports of the switches 302 and the machine allocation device 101, whichare connected with the machines 106, the switches 302, and the machineallocation device 101 in the topology illustrated in FIG. 16. In FIG.16, the home 110 side of the virtual network 1 (102) is omitted. Inorder to configure the virtual networks 1052 between the machines 1061(PS1) and the machine allocation device 101, referring to the virtualnetwork 2 information 417 in FIG. 12, the non-allocated VID, forexample, VID: 3 is selected to generate the network configurationinformation for configuring the virtual network among the machine 1061(PS1), the virtual network 2 (104), and the machine allocation device101. In this example, the network configuration information configuringVID: 3 is generated in ports 0/1 and 1/1 of the switch 302 (S1) of thevirtual network 2 (104), ports 0/1 and 1/1 of the switch 302 (S3) of thevirtual network 2 (104), and a port 0/1 of the machine allocation device101 (Step S1307).

(Step S1308)

Then, the virtual network 2 controller 416 sets the networkconfiguration for the switch 302 and the machine allocation device 101on the basis of the network configuration information generated inS1307, validates the set network configuration, and updates the virtualnetwork 2 information 417. In the specific example of the user B, thenetwork configuration information generated in S1307, that is, VID: 3 isset in the ports 0/1 and 1/1 of the switch 302 (S1) of the virtualnetwork 2 (104), the ports 0/1 and 1/1 of the switch 302 (S3) of thevirtual network 2 (104), and the port 0/1 of the machine allocationdevice 101 for each device, and validated. Also, the entry of VID: 3isadded to the VID (K1204) of the virtual network 2 information 417, andupdated. FIG. 39 illustrates the virtual network 2 information 417 inwhich the information on VID: 3 is updated (Step S1308).

(Step S1309)

Then, the machine controller 413 starts the virtual machine 107 in themachine 106 determined in Step S1306, and also starts the application108 under the control. Also, the machine controller 413 updates theinformation on the started virtual machine 107 in the user serviceinformation 411, the machine allocation information 414, and the machineinformation 415.

In the specific example of the user B, a mechanism in which the virtualmachine 107 on which the application 108 operates can be started by anymachine 106 will be described with reference to FIGS. 18 and 19. In thisembodiment, as illustrated in FIG. 18, the virtual machine 107 in whicha fibre channel (FC) storage 1802 is shared between the machines 1061and 1062 to operate the application 108 can be started by any one of themachines 1061 and 1062. As illustrated in FIG. 18, the machines 1061,1062 and the FC storage 1802 are connected by a fibre channel—storagearea network (FC-SAN). In this example, reference numeral 1804 is alogical connection of the FC. The FC storage 1802 holds a virtualmachine (VM) image 1803, that is, 180321 for each application 108 ofeach user therein. As illustrated in FIG. 18, in order to start theapplication a (1081) of the user B on the machine 1061, the virtualmachine 10721 is started on the machine 1061 by the application a VMimage 180321 of the user B due to an FC boot. On the other hand, asillustrated in FIG. 19, in order to start the application a (1081) ofthe user B on the machine 1062, the virtual machine 10721 is started onthe machine 1061 by the application a VM image 180321 of the user B dueto the FC boot. As specific methods of starting the virtual machine 107,there are a method using wake-on-LAN (WOL), and a method using amanagement message with the use of a management software of the virtualmachine 107. As the storage used by the virtual machine 107, a networkstorage and a local storage within the machine 106 are conceivable otherthan the FC storage 1082 described in this embodiment. For that reason,the storage is omitted in FIGS. 1 and 4 (Step S1309).

(Step S1310)

Then, the virtual network relay unit 406 is configured to transfer thecommunication packet of the user between the virtual network 1 (102) andthe virtual network 2 (104).

FIG. 17 illustrates the relay information between the networks which isheld by the transfer processor 401 in a tabular form T1701. The tabularform T1701 includes a port No. K1701 and an identifier K1702 of themachine allocation device connected with the virtual network 103, asinformation on the virtual network 1 (102) side, and a port No. K1703and an identifier K1704 of the machine allocation device connected withthe corresponding virtual network 105, as information on the virtualnetwork 2 (104) side. For example, the virtual network 103 in which theidentifier K1702 on the virtual network 1 (102) side is 100 finds thatthe identifier K1704 on the virtual network 2 (104) side is 1. In thespecific example of the user B, since the identifier K1702 on thevirtual network 1 (102) side of the user B is 200, the port No. K1703 isset to 0/1, and the identifier K1704 is set to VID:3 set in Step S1308on a corresponding line of T1701 as setting on the virtual network 2(104) side.

FIG. 40 illustrates the relay information between the networks in whichthe information on VID:3 is updated.

Also, FIG. 41 illustrates the user service information 411 in which theinformation on the application a (DLNA server) of the user B is updated(Step S1310). In the specific example of the user B, the service stateK906 is set to active, and the virtual network 2 identifier K907 is setto VID:3 set in Step S1308 on a corresponding line on which theidentifier K903 on the virtual network 1 (102) side of the user B is200, the service ID K904 is 1-2, and the service type K905 is theapplication a (DLNA server) 2.

(Step S1311)

Then, the packet detector 407 transfers the start packet held in thebuffer memory to the virtual network 2 (104) side. This is because whenthere is no reply in a protocol for sending the start packet, and timeis out, an error is prevented from occurring due to no process ofretrying the packet sending. If the retrying process is conducted in theprotocol, there is no need to transfer the start packet (Step S1311).

On the other hand, if the application 108 corresponding to the startpacket is active (operating) in the determination of Step S1305, sincethere is no need to newly allocate the machine 106, processing afterStep S1311 is conducted.

(Step S1312)

With the above processing, the allocation process of the machineallocation device 101 is completed (Step S1312).

4. Resource Release Method

Subsequently, a description will be given of a method of releasingresources of the machine 106 and the virtual network 105 whenterminating the use of the application 108 with reference to FIG. 14.First, the user device 109 within the home 110 of the user turns offpower, transits to a sleeve state, and stops due to disconnection fromthe home network 111. With this operation, the application 108 thatprovides the service on the data center 112 side detects the stop of theuser device 109, and completes the application (Step S1401). Then, themachine controller 413 detects the completion of the application 108through a notification from the application 108. In this embodiment, themachine controller 413 shuts down the virtual machine 107 on which theapplication 108 has been completed. Also, the machine controller 413updates or deletes an entry of the user service information 411, themachine allocation information 414, and the machine information 415 tothe completed application 108 (Step S1402). Then, the virtual networkrelay unit 406 cancels the transfer of the communication packet of theuser between the virtual network 1 (102) and the virtual network 2(104). That is, the virtual network relay unit 406 updates theinformation on the corresponding virtual network 2 (104) side from therelay information between the networks which are held by the transferprocessor 401 illustrated in FIG. 17 (Step S1403). Then, the virtualnetwork 2 controller 416 deletes the virtual network 105 between themachine 106 on which the completed application 108 has operated and themachine allocation device 101. Also, the virtual network 2 controller416 updates or deletes an entry related to the virtual network 105 inwhich the user service information 411 and the virtual network 2information 417 have been deleted (Step S1404). With the aboveoperation, the process of releasing the resource in the machineallocation device 101 is completed (Step S1405). In Steps S1403 andS1404, when another application other than the application 108 completedby the user is used, setting requiring no deletion of the virtualnetwork 105 is not conducted.

As described above, in the first embodiment of the present invention,the machine 106 on which the application 108 providing the serviceoperates is dynamically allocated to the user within the data center 112when starting the user device 109 on the home side. Also, the virtualnetwork 105 of the user is dynamically configured between the machine106 dynamically allocated and the machine allocation device 101, therebyenabling the machine 106 to be freely allocated to plural users. As aresult, the use efficiency of the machine 106 can be enhanced.

B. Second Embodiment IPsec, Virtual Network 2

Subsequently, a description will be given of a system using a machineallocation device according to a second embodiment of the presentinvention. This embodiment is identical with the system using themachine allocation device according to the first embodiment except thatthe method of configuring the virtual network 2 (104) is different.Accordingly, only different portions from those in the first embodimentwill be described below, and the same portions will be omitted from thedescription. A description will be given of a configuration of themachine allocation device 101 and a method of allocating the machinewith reference to FIGS. 20 to 23, 42, 43, and 46. FIG. 20 is anillustrative view illustrating an example of a format of a communicationpacket of a virtual network 2 according to a second embodiment of thepresent invention. FIG. 21 is an illustrative view illustrating anexample of virtual network 2 information held by the machine allocationdevice according to the second embodiment of the present invention. FIG.22 is an illustrative view illustrating an example of a physical networktopology of the virtual network 2 according to the second embodiment ofthe present invention. FIG. 23 is an illustrative view illustrating anexample of relay information between the virtual networks according tothe second embodiment of the present invention. FIG. 42 is anillustrative view illustrating an example of the virtual network 2information (after updated) held by the machine allocation deviceaccording to the second embodiment of the present invention. FIG. 43 isan illustrative view illustrating an example of the relay information(after updated) between the virtual networks according to the secondembodiment of the present invention. FIG. 46 is an illustrative viewillustrating an example of user service information held by the machineallocation device according to the second embodiment of the presentinvention. FIG. 47 is an illustrative view illustrating an example ofthe user service information (after updated) held by the machineallocation device according to the second embodiment of the presentinvention. The method of configuring the virtual network 2 (104)according to the first embodiment uses IEEE8020.1Q. On the other hand,this embodiment can use a tunnel mode of a security architecture forinternet protocol (IPsec) illustrated in FIG. 20. In the followingexample, a case mainly using the tunnel mode of the IPsec will bedescribed. However, the present invention is not limited to thisconfiguration, but can use appropriate standards, systems, andtechniques.

As illustrated in FIG. 20, in the tunnel mode of the IPsec, the packetof the user is encrypted and encapsulated by a tunnel IP header. Thepacket is transferred between a source and a destination by the tunnelIP header, thereby enabling the virtual network 105 for each user to beconfigured. That is, a tunnel using the IPsec is configured between themachine 106 and the machine allocation device 101. The IP address or asecurity parameter index (SPI) on the machine 106 side is used foridentification of each user. Accordingly, in this embodiment, thenetwork manager 404 conducts a configuration management of notIEEE802.1Q of the first embodiment but the IPsec, as a networkmanagement of the virtual network 2.

FIG. 46 illustrates the user service information 411 in a tabular formT901. The tabular form T901 includes the user identifier K901, thephysical port No. K902, the identifier K903 for each user in the virtualnetwork 1 (102), the identifier K904 of a unique service within thesystem, the type K905 of the service, and the service state K906 as inFIG. 9. Also, instead of the identifier K907 for each user in thevirtual network 2 (104) in FIG. 9, the tabular form T901 includes, asconfiguration information on the virtual network 2, an IP address K2105that terminates the tunnel of the IPsec on the machine 106 side, an SPI(K2106) on a transmitter side, and an SPI (K2107) on a receiver side.Since the identifier of the virtual network 2 may be unique, at leastany one of the IP address K2105, the SPI (K2106) on the transmitterside, and the SPI (K2107) on the receiver side may be provided.

FIG. 21 illustrates the virtual network 2 information 417 held by thenetwork manager 404 in a tabular form T2101. The tabular form T2101includes an identifier K2101 of the service provided to the user, anidentifier K2102 of the machine allocation device 101, a port No. K2103of the machine allocation device 101 connecting the virtual network 105,and an IP address K2104 terminating the tunnel of the IPsec on themachine allocation device side as configuration information on themachine allocation device 101, and the IP address K2105 terminating thetunnel of the IPsec on the machine 106 side, the SPI (K2106) on thetransmitter side, and the SPI (K2107) on the receiver side as theconfiguration information on the virtual network 2. The virtual network2 information 417 in FIG. 21 is dynamically created when the user startsthe use of the service (Step S1308).

The machine allocation method according to this embodiment is differentfrom the machine allocation method according to the first embodimentillustrated in FIG. 13 in that a process of generating the tunnel of theIPsec is conducted in Steps S1307, 1308, S1309, and S1310 for generatingthe virtual network 105 for each user between the machine 106 and themachine allocation device 101.

FIG. 22 illustrates a physical network topology of the virtual network 2(104) configured by the virtual network 2 information 417 in FIG. 21. Asillustrated in FIG. 22, in this embodiment, a gateway (GW) 2201 of theIPsec is installed in the virtual network 2 edge 405 of the machineallocation device 101. Also, a GW (2202) of the Ipsec is installedwithin the virtual machine 107. The tunnel of the IPsec is configuredbetween the GWs (2201, 2202) of the IPsec, thereby configuring thevirtual network 105 for each user. In FIG. 22, the home 110 side of thevirtual network 1 (102) is omitted.

In a specific example in which the user B uses the service of theapplication 108, the following processing is executed.

(Step S1307)

In Step S1307, configuration information (for example, IP address andSPI information) on an unused virtual network 2 is confirmed with theuse of the virtual network 2 information 417 illustrated in FIG. 21.Network configuration information configuring the tunnel of the IPsecbetween the machine allocation device (LB1) 101 and the virtual machine1-2 (107) in FIG. 22 is generated. In an example of FIG. 22, when theservice ID (K2101) is 1-2, the identifier K2102 of the machineallocation device 101 is LB1, the port No. K2103 is 0/1, and the IPaddress K2104 of the port is 10.10.0.10, it is determined as therespective unused information that the IP address K2105 of the virtualnetwork 2 is 10.10.0.104, the SPI (transmission) K2106 is 0x00000103,and the SPI (reception) K2107 is 0x0001004.

(Step S1308)

Then, in Step S1308, the virtual network 2 controller 416 configures thenetworks in the machine 106 and the machine allocation device 101 on thebasis of the network configuration information generated, in step S1307and validates the configured networks, and updates the virtual network 2information 417.

In configuration of the machine 106 and the machine allocation device101, for the GW2201 and GW2202 of the IPSec, the IP address K2105, theSPI K2106, and the SPI K2107 are set with respect to the service ID(K2101), the identifier K2102 of the machine allocation device 101, theport No. K2103, and the IP address K2104 of the port.

FIG. 42 illustrates the virtual network 2 information 417 in whichinformation related to 1-2 of the service ID (K2101) is updated.

(Step S1309)

Subsequently, the machine controller 413 starts the virtual machine 107in the machine 106 determined in Step S1306, and also starts theapplication 108 under the control. Also, the machine controller 413updates information on the started virtual machine 107 in the userservice information 411, the machine allocation information 414, and themachine information 415.

Also, FIG. 47 illustrates the user service information 411 in whichinformation on the application a (DLNA server) of the user B is updated(Step S1310). In the specific example of the user B, on a correspondingline in which the identifier K903 on the virtual network 1 (102) side ofthe user B is 200, the service ID K904 is 1-2, and the service type K905is the application a (DLNA server) 2, the service state K906 is active,and instead of the virtual network 2 identifier of FIG. 9, the IPaddress K2105 of the virtual network 2 is set to 10.10.0.104, the SPI(transmission) K2106 is set to 0x00000103, and the SPI (reception) K2107is set to 0x0001004.

(Step S1310)

Also, in Step S1310, the virtual network relay unit 406 is configured totransfer the communication packet of the user between the virtualnetwork 1 (102) and the virtual network (104) due to the relayinformation between the networks illustrated in FIG. 23.

FIG. 23 illustrates the relay information between the networks which isheld by the transfer processor 401 in a tabular form T2301. The tabularform T2301 includes the port No. K1701 of the machine allocation deviceconnected with the virtual network 103, the identifier K1702, and amedia access control (MAC) address K2301 held by the user device 109 asinformation on the virtual network 1 (102) side, and the port No. K1703of the machine allocation device connected with the correspondingvirtual network 105, and an IP address K2302 on the application 108 sideof the IPsec as an identifier as the information on the virtual network2 (104) side. In this example, the reason why the media access control(MAC) address K2301 is used is that when the tunnel is used as in thisembodiment, if one user uses plural applications 108, the tunnel ofpoint-two-point (P2P) is configured for each application 108 on thevirtual network 2 (104) side, resulting in a need to determine to whichtunnel the communication packet is transferred in the machine allocationdevice 101. In this embodiment, the media access control (MAC) addressK2301 is used for allocation to the application 108. Since only theallocation to the application 108 is needed, another information may beused.

FIG. 43 illustrates the relay information between the networks in whichthe information on the user B is updated.

C. Third Embodiment IPsec, Virtual Network 1

Subsequently, a description will be given of a system using a machineallocation device according to a third embodiment of the presentinvention. This embodiment is identical with the system using themachine allocation device according to the first embodiment except thatthe method of configuring the virtual network 1 (102) is different.Accordingly, only different portions from those in the first embodimentwill be described below, and the same portions will be omitted from thedescription. A description will be given of a configuration of themachine allocation device 101 and a method of allocating the machinewith reference to FIGS. 24 to 26 and 44. FIG. 24 is an illustrative viewillustrating an example of user service information held by the machineallocation device according to the third embodiment of the presentinvention. FIG. 25 is an illustrative view illustrating an example ofthe configuration of the virtual network 1 according to the thirdembodiment of the present invention. FIG. 26 is an illustrative viewillustrating an example of relay information between the virtualnetworks according to the third embodiment of the present invention.FIG. 44 is an illustrative view illustrating an example of the relayinformation (after updated) between the virtual networks according tothe third embodiment of the present invention.

The method of configuring the virtual network 1 (102) according to thefirst embodiment uses the PBB. On the other hand, this embodiment usesthe tunnel mode of the security architecture for internet protocol(IPsec) illustrated in FIG. 20 (FIG. 20 illustrates the format of thecommunication packet on the virtual network 2 (104) side according tothe second embodiment, but the third embodiment uses the format of thecommunication packet on the virtual network 1 (102) side.). As describedin the second embodiment, in the tunnel mode of the IPsec, the packet ofthe user is encrypted and encapsulated by the tunnel IP header. Thepacket is transferred between a source and a destination by the tunnelIP header, thereby enabling the virtual network 103 for each user to beconfigured.

As illustrated in FIG. 25, a tunnel using the IPsec is configuredbetween the edge node 303 and the machine allocation device 101. The IPaddress or a security parameter index (SPI) on the edge node 303 side isused for identification of each user. Accordingly, the IP address on theedge node 303 side is used for an identifier K2401 of the virtualnetwork 1 of the user service information 411 illustrated in FIG. 24.Other data of the user service information 411 in FIG. 24 is identicalwith the user service information 411 according to the first embodimentillustrated in FIG. 9. As illustrated in FIG. 25, in this embodiment, agateway (GW) 2501 of the IPsec is installed in the virtual network 1edge 408 in the machine allocation device 101. Also, a gateway (GW) 2502of the IPsec is also installed in the edge node 303. In FIG. 25, themachine 106 is omitted.

The machine allocation method according to this embodiment is differentfrom the machine allocation method according to the first embodimentillustrated in FIG. 13 in that the information on the tunnel of theIPsec is used in Step S1310 for transferring the communication packet ofthe user between the virtual network 1 (102) and the virtual network 2(104).

(Step S1310)

In Step S1310, the virtual network relay unit 406 is configured totransfer the communication packet of the user between the virtualnetwork 1 (102) and the virtual network (104) due to the relayinformation between the networks illustrated in FIG. 26.

FIG. 26 illustrates the relay information between the networks which isheld by the transfer processor 401 in a tabular form T2601. The tabularform T2601 includes the port No. K1701 of the machine allocation deviceconnected with the virtual network 103, and an identifier K2601 usingthe IP address of the edge node as the information on the virtualnetwork 1 (102) side, and the port No. K1703 and the IP address K1704 ofthe machine allocation device connected with the corresponding virtualnetwork 105, as the information on the virtual network 2 (104) side.

FIG. 44 illustrates the relay information between the networks in whichthe information on the user B is updated. As illustrated in FIG. 44, theport No. K1703 and the identifier K1704 of the machine allocation devicein the virtual network 2 (104) related to the user B are updated.

D. Fourth to Sixth Embodiments S1306: Machine Determination Method 1.Fourth Embodiment

Subsequently, a description will be given of a system using a machineallocation device according to a fourth embodiment of the presentinvention. This embodiment is identical with the system using themachine allocation device according to the first embodiment except thatthe method of determining the machine 106 on which the application 108operates is different. Accordingly, only different portions from thosein the first embodiment will be described below, and the same portionswill be omitted from the description.

Hereinafter, a description will be given of a method of allocating themachine in the machine allocation device 101 with reference to FIG. 27.FIG. 27 is an illustrative view illustrating an example of machineinformation held by the machine allocation device according to thefourth embodiment of the present invention. The machine allocationmethod according to this embodiment is different from the machineallocation method according to the first embodiment illustrated in FIG.13 in that the machine allocation determination unit 412 determines themachine 106 so that a power consumption of the machine 106 is reduced,in Step S1306 for determining the machine 106 on which the application108 newly operates.

FIG. 27 illustrates the machine information 415 according to thisembodiment in a tabular form T2701. The tabular form T2701 includes avalue K2701 of a present average power consumption and a powerconsumption function K2702 specific to each machine 106 in addition tothe machine information 415 of the first embodiment in FIG. 11. Thepower consumption function K2702 is, for example, a function having avariable P (power consumption value) and a variable ΔL (load variation).The power consumption function K2702 may be another format if anincrement of the power consumption when newly adding the application isfound from that information. For example, when the application 108 ofthe user B is newly added, the machine allocation determination unit 412calculates the increment in the power consumption of each machine 106 asfollows.

Increment in the power consumption of the machine (PS1): fΔP1(300 W,ΔL1)=20 W

Increment in the power consumption of the machine (PS2): fΔP2(200 W,ΔL1)=30 W

Increment in the power consumption of the machine (PS3): fΔP3(0 W,ΔL1)=100 W

When the above calculation results are obtained, the machine (PS1) 106smaller in the increment of the power consumption is selected. In thisexample, it is needless to say that the average load rate K1103 is takeninto account so as to prevent an overload.

2. Fifth Embodiment

Subsequently, a description will be given of a system using a machineallocation device according to a fifth embodiment of the presentinvention. This embodiment is identical with the system using themachine allocation device according to the first embodiment except thatthe method of determining the machine 106 on which the application 108operates is different. Accordingly, only different portions from thosein the first embodiment will be described below, and the same portionswill be omitted from the description.

Hereinafter, a description will be given of a method of allocating themachine in the machine allocation device 101 with reference to FIG. 28.FIG. 28 is an illustrative view illustrating an example of the virtualnetwork 2 information held by the machine allocation device. The machineallocation method according to this embodiment is different from themachine allocation method according to the first embodiment illustratedin FIG. 13 in that the machine allocation determination unit 412determines the machine 106 taking a load of the virtual network 104,that is, a bandwidth use rate into account, in Step S1306 fordetermining the machine 106 on which the application 108 newly operates.FIG. 28 illustrates the virtual network 2 information 417 in a tabularform T1201. The tabular form T1201 includes an average use bandwidthK2801 indicative of a load of the appropriate port on the network inaddition to the virtual network 2 information 417 according to the firstembodiment in FIG. 12. A physical network topology of the virtualnetwork 2 information 417 in FIG. 28 is identical with that in the firstembodiment as illustrated in FIG. 16.

In an example illustrated in FIG. 28, since an average use bandwidth ofthe network of the machine (PS1) 106 is 100 Mbps, and the average usebandwidth of the network of the machine (PS2) 106 is 50 Mbps, themachine allocation determination unit 412 selects the machine lower inthe load, that is, the machine (PS2) 106. In this embodiment, themachine 106 is selected with the use of the average use bandwidth of thenetwork. However, the machine 106 may be selected taking other networkinformation, for example, priority information for each application 108,and a communication type (messaging, streaming, etc.) of the application108 into account.

3. Sixth Embodiment

Subsequently, a description will be given of a system using a machineallocation device according to a sixth embodiment of the presentinvention. This embodiment is identical with the system using themachine allocation device according to the first embodiment except thatthe method of determining the machine 106 on which the application 108operates is different. Accordingly, only different portions from thosein the first embodiment will be described below, and the same portionswill be omitted from the description.

Hereinafter, a description will be given of a method of allocating themachine in the machine allocation device 101 with reference to FIG. 29.FIG. 29 is an illustrative view illustrating an example of user serviceinformation held by a machine allocation device according to a sixthembodiment of the present invention. The machine allocation methodaccording to this embodiment is different from the machine allocationmethod according to the first embodiment illustrated in FIG. 13 in thatthe machine allocation determination unit 412 determines the machine 106taking a past service use history of the user into account, in StepS1306 for determining the machine 106 on which the application 108 newlyoperates.

FIG. 29 illustrates the user service information 411 in a tabular formT2901. The tabular form T2901 includes an average load K2901 of theapplication 108 providing the service, and an average use time K2902 asinformation on the service use history for each user, in addition to theuser service information 411 in the first embodiment of FIGS. 9 and 12.As the method of determining the machine 106, there is, for example, amethod of determining the machine 106 according to the average loadK2901. That is, the machine (PS1) 106 is determined when the averageload is 20 or more, and the machine (μS2) 106 is determined when theaverage load is less than 20. Also, as another example, there is amethod of determining the machine 106 according to the average use timeK2902. That is, the machine (PS1) 106 is determined when the average usetime is 60 minutes or longer, and the machine (PS2) 106 is determinedwhen the average use time is shorter than 60 minutes.

4. Additional Statement

In the above-mentioned fourth to sixth embodiments of the presentinvention, the method of determining the machine 106 on which theapplication 108 newly operates by the machine allocation determinationunit 412 is described by different implementing methods. Those methodsmay be implemented in the respective embodiments, independently, orthose embodiments may be combined together.

E. Seventh Embodiment Method of Operating Application 108

Subsequently, a description will be given of a system using a machineallocation device according to a seventh embodiment of the presentinvention. This embodiment is identical with the system using themachine allocation device according to the first embodiment except thatthe method of operating the application 108 providing the service to theuser is different. Accordingly, only different portions from those inthe first embodiment will be described below, and the same portions willbe omitted from the description.

A description will be given of a configuration of the machine allocationdevice 101 and a method of allocating the machine with reference toFIGS. 30 and 31. FIGS. 30 and 31 are illustrative views illustrating anexample of a method of starting the application according to the seventhembodiment of the present invention. As illustrated in FIG. 30, in thisembodiment, each of the machines 1061 and 1062 includes a physicalnetwork interface card (NIC) 3001 for connection to the virtual network2, a physical network interface card (NIC) 3002 for connection to ashared storage network 3003, an operating system (OS) 3005, a VLANallocation function 3006, and applications 108 and 10811. Also, theshared storage network 3003 is connected with a network storage 3007which is a storage device holding data 3008 of the respectiveapplications. In FIG. 30, reference numeral 3004 indicates a logicalconnection of the shared storage network 3003. In FIGS. 30 and 31, aconfiguration on the home 110 side of the user with respect to themachine allocation device 101 is simple, and therefore will be omitted.In this embodiment, separation of the applications 108 and 10811 foreach user is conducted by the VLAN allocation function 3006. That is, asin the first embodiment, the VID such as IEEE802.1Q is used foridentifying each user in the virtual network 2 (104). The VLANallocation function 3006 associates the applications 108 and 10811 withthe VIDs, and transfers the communication packets with the aid of theVIDs identifying the users.

Also, the machine allocation method according to this embodiment isdifferent from the machine allocation method according to the firstembodiment illustrated in FIG. 13 in that the virtual machine 107 is notstarted, but the applications 108 and 10811 are started, in Step S1309for starting the application 108 under the control by the machinecontroller 413. A mechanism in which the application 108 can start onany machine 106 is illustrated in FIGS. 30 and 31. FIG. 30 illustrates aconfiguration when the application a (10811) of the user B operates onthe machine 1 (1061), and FIG. 31 illustrates a configuration when theapplication a (10811) of the user B operates on the machine 2 (1062).Since data 300821 of the application a (10811) of the user B is held onthe network storage 3007 accessible from any machines 1061 and 1062, theapplication can operate even if the operating machine 1061 or 1062 ischanged to another. Also, as a specific method of starting theapplications 108 and 10811, there is a method of starting theapplications 108 and 10811 with the aid of a message specific to theapplication from the machine controller 413.

F. Eighth to Eleventh Embodiments Function Distribution 1. EighthEmbodiment Terminal Function

Subsequently, a description will be given of a system using a machineallocation device according to an eighth embodiment of the presentinvention. This embodiment is identical with the system using themachine allocation device according to the first embodiment except theconfiguration of the device of the user. Accordingly, only differentportions from those in the first embodiment will be described below, andthe same portions will be omitted from the description.

A description will be given of a configuration of the machine allocationdevice 101 with reference to FIG. 32. FIG. 32 is an illustrative viewillustrating an example of using the service of the user B according tothe eighth embodiment of the present invention. In the first embodiment,as an example of the media server, as illustrated in FIG. 2, when adigital media server (DMS) is used as the application a (1081), and adigital media renderer (DMR) is used as the user B device 1 (10921), thenumber of user devices 109 using the application 108 is one. On theother hand, a description will be given of a case in which the number ofuser devices 109 using the application 108 is plural according to thisembodiment. As illustrated in FIG. 32, in this embodiment, a user Bdevice 2 (3201) is added to the home 110 side in the first embodiment ofFIG. 2. For example, in the standards “digital living network alliance(DLNA)”, the user B device 2 (3201) is a digital media controller (DMC)that controls the application a (1081) (DLNA server) that is the DMS,and the user B device 1 10921 (TV) that is the DMR. Also, the user Bdevice 2 (3201) has a user interface (input function) 3202 for remotecontrol by the user. The application a (1081), the user B device 1(10921), and the user B device 2 (3201) are connected by the L2-VPNnetwork 201. The DLNA server 1081 and the TV (10921) receive requests3203 and 3204 from the DMC, respectively, the DLNA server 1081 deliversthe video content 203 to the TV (10921) (3205), and the TV (10921)displays a video delivered to the display 202. In this embodiment, themachine allocation device 101 receives the start packet from the user Bdevice 2 (3201), and the method of allocating the machine is identicalwith that in the first embodiment.

2. Ninth Embodiment Terminal Function

Subsequently, a description will be given of a system using a machineallocation device according to a ninth embodiment of the presentinvention. This embodiment is identical with the system using themachine allocation device according to the first embodiment except theconfiguration of the device of the user. Accordingly, only differentportions from those in the first embodiment will be described below, andthe same portions will be omitted from the description.

A description will be given of a configuration of the machine allocationdevice 101 with reference to FIG. 33. FIG. 33 is an illustrative viewillustrating an example of using the service of the user B according tothe ninth embodiment of the present invention. In this embodiment, thenumber of user devices 109 using the application 108 is plural as in theeighth embodiment. However, this embodiment is different from the eighthembodiment in that the user devices 109 are not in the same home 110.That is, as illustrated in FIG. 33, a user B device 2 (3301) is out ofthe home 110 of the user B, for example, outdoors or in a publicfacility. The user B device 2 (3301) is connected to the machineallocation device 101 of the data center 112 through a virtual network33042 for each user Bin another virtual network 1-2 (3303). As in theeighth embodiment, for example, in the standards “digital living networkalliance (DLNA)”, the user B device 2 (3301) is a digital mediacontroller (DMC) that controls the application a (1081) (DLNA server)which is the DMS, and the user B device 1 (10921) (TV) which is the DMR.Also, the user B device 2 (3301) has a user interface (input function)3302 for remote control by the user.

The application a (1081), the user B device 1 (10921), and the user Bdevice 2 (3301) are connected by the L2-VPN network 201. The DLNA server1081 and the TV (10921) receive requests 3305 and 3306 from the DMC,respectively, the DLNA server 1082 delivers (3307) the video content 203to the TV (10921), and the TV (10921) displays a video delivered to thedisplay 202. In this embodiment, the machine allocation device 101receives the start packet from the user B device 2 (3301), and can dealwith the start packet from the virtual network 1-2 (3303) side, and themethod of allocating the machine is identical with that in the firstembodiment.

3. Tenth Embodiment Machine Allocation Function

Subsequently, a description will be given of a system using a machineallocation device according to a tenth embodiment of the presentinvention. This embodiment is identical with the system using themachine allocation device according to the first embodiment except theconfiguration of the device of the user. Accordingly, only differentportions from those in the first embodiment will be described below, andthe same portions will be omitted from the description.

A description will be given of a configuration of the machine allocationdevice 101 with reference to FIG. 34 and FIG. 35. FIG. 34 is a blockdiagram illustrating a configuration of a machine allocation deviceaccording to a tenth embodiment of the present invention. FIG. 35 is anillustrative view illustrating an example of a control interface betweendevices according to the tenth embodiment of the present invention. Asillustrated in FIG. 34, in this embodiment, a functional part of themachine allocation device 101 is dispersed into plural devices, a routerdevice 3401, a machine management system 3403, and a network managementsystem 3404. That is, the transfer processor 401 is installed in therouter device 3401, the access detector 402 is installed in an add-onmodule 3402 mounted in the router device 3401, the machine allocationmanager 403 is installed in the machine management system 3403, and thenetwork manager 404 is installed in the network management system 3404.In FIG. 34, for simplification, the machine 106 and the home 110 of theuser are omitted. In this way, the functional part of the machineallocation device 101 is dispersed, and the method of allocating themachine is identical with that in the first embodiment. However, becausethe functional part of the machine allocation device 101 is dispersed,there is a need to communicate among the dispersed functional parts. Asthe communication method, there is used a messaging using a managementLAN or a control interface 3405 of a dedicated interface. Accordingly,in the machine allocation method according to this embodiment, acommunication among the respective functional parts is added to themachine allocation method according to the first embodiment illustratedin FIG. 13.

Hereinafter, the added communication will be described. In Step S1305for determining whether there is a need to newly start the service, ornot, if it is determined that there is a need to start the service, thepacket type determination/service type determination unit 410 notifiesthe machine management system 3403 of the user identifier K901, theidentifier K904 of the service, the type K905 of the service, and theidentifier K907 of the virtual network 2 in an interface format 3501 ofFIG. 35. In Step S1306 for determining the machine 106 on which theapplication 108 newly operates, the machine allocation determinationunit 412 notifies the network management system 3404 of the useridentifier K901, the identifier K907 of the virtual network 2, theidentifier K1101 of the machine 106 on which the application 108 starts,and the identifier K1104 of the virtual machine in an interface format3502 of FIG. 35. In Step S1308 for generating the virtual network 105 onthe virtual network 2 (104), the virtual network 2 controller 416notifies the machine management system 3403 and the router device 3401of completion information on validation of the virtual network 105 andthe identifier of the virtual network 105 in interface formats 3503 and3504 of FIG. 35. In Step S1309 for starting the application 108, themachine controller 413 notifies the router device 3401 of startcompletion information on the application 108 in an interface format3505 of FIG. 35.

4. Eleventh Embodiment Machine Allocation Function

Subsequently, a description will be given of a system using a machineallocation device according to an eleventh embodiment of the presentinvention. This embodiment is identical with the system using themachine allocation device according to the first embodiment except theconfiguration of the device of the user. Accordingly, only differentportions from those in the first embodiment will be described below, andthe same portions will be omitted from the description.

A description will be given of a configuration of the machine allocationdevice 101 with reference to FIG. 36 and. FIG. 37. FIG. 36 is a blockdiagram illustrating a configuration of a machine allocation deviceaccording to an eleventh embodiment of the present invention. FIG. 37 isan illustrative view illustrating an example of a control interfacebetween devices according to the eleventh embodiment of the presentinvention. As illustrated in FIG. 36, in this embodiment, a functionalpart of the machine allocation device 101 is dispersed into pluraldevices, a router device 3601, a control node 3602, the machinemanagement system 3403, and the network management system 3404. That is,the transfer processor 401 is installed in the router device 3601, theaccess detector 402 is installed in the control node 3602, the machineallocation manager 403 is installed in the machine management system3403, and the network manager 404 is installed in the network managementsystem 3404. In FIG. 36, for simplification, the machine 106 and thehome 110 of the user are omitted. In this way, the functional part ofthe machine allocation device 101 is dispersed, and the method ofallocating the machine is identical with that in the first embodiment.However, because the functional part of the machine allocation device101 is dispersed, there is a need to communicate among the dispersedfunctional parts. As the communication method, there is used a messagingusing a management LAN or a control interface 3603 of a dedicatedinterface as in the tenth embodiment. Accordingly, in the machineallocation method according to this embodiment, a communication amongthe respective functional parts is added to the machine allocationmethod according to the first embodiment illustrated in FIG. 13.

Hereinafter, the added communication will be described. In Step S1302for extracting the start packet, the packet detector 407 notifies thecontrol node 3602 of data of the extracted communication packet in aninterface format 3701 of FIG. 37. In Step S1305 for determining whetherthere is a need to newly start the service, or not, if it is determinedthat there is a need to start the service, the packet typedetermination/service type determination unit 410 notifies the machinemanagement system 3403 of the user identifier K901, the identifier K904of the service, the type K905 of the service, and the identifier K907 ofthe virtual network 2 in an interface format 3702 of FIG. 37. In StepS1306 for determining the machine 106 on which the application 108 newlyoperates, the machine allocation determination unit 412 notifies thenetwork management system 3404 of the user identifier K901, theidentifier K907 of the virtual network 2, the identifier K1101 of themachine 106 on which the application 108 starts, and the identifierK1104 of the virtual machine in an interface format 3703 of FIG. 37. InStep S1308 for generating the virtual network 105 on the virtual network2 (104), the virtual network 2 controller 416 notifies the machinemanagement system 3403, the router device 3601, and the control node3602 of completion information on validation of the virtual network 105and the identifier of the virtual network 105 in interface formats 3704,3705, and 3706 of FIG. 37. In Step S1309 for starting the application108, the machine controller 413 notifies the router device 3601 and thecontrol node 3602 of start completion information on the application 108in interface formats 3707 and 3708 of FIG. 37.

G. Twelfth Embodiment Graphical Interface

Subsequently, a description will be given of a system using a machineallocation device according to a twelfth embodiment of the presentinvention. In this embodiment, a graphical interface for managing themachine allocation device is added to the configuration of the systemusing the machine allocation device and the machine allocation deviceaccording to the first embodiment. Accordingly, only different portionsfrom those in the first embodiment will be described below, and the sameportions will be omitted from the description.

Hereinafter, a description will be given of the graphical interface formanaging the machine allocation device 101 with reference to FIG. 38.FIG. 38 is an illustrative view illustrating an example of the graphicalinterface of the machine allocation device according to the twelfthembodiment of the present invention. A graphical interface 3801 formanaging the machine allocation device 101 illustrated in FIG. 38 isdisplayed on the management terminal 418 illustrated in FIG. 4. Amanager that manages the machine allocation device 101 conducts theoperation management from the management terminal 418. An exampleillustrated in FIG. 38 shows a service registration menu 3802 that newlyregisters the services provided to the user. The service registrationmenu 3802 includes, for example, a pull down menu 3802 for selecting theusers, a virtual network 1 identifier 3804 of the selected user, a list3805 of the services which are being allocated to the user, a pull downmenu 3806 for selecting a service to be newly allocated, a serviceregistration button 3807, and a button 3808 for canceling the serviceregistration. The service registration button 3807 is clicked tocomplete the allocation of the service to the user, and the service issaved in the user service information 411.

The present invention made by the present inventors has been describedabove in detail with reference to the embodiments. However, the presentinvention is not limited to the above embodiments, but can be variouslychanged without departing from the subject matter thereof. The networksystem having the machine allocation device according to the presentinvention is suitable for a system in which the users in a distant homeor company area use the machine installed in the data center through thewide area network.

Also, the L2-VPN has been mainly described above. However, the presentinvention is not limited to this configuration, but can be applied to avariety of VPNs. Further, the present invention can employ a variety ofencrypting functions (protocols) and/or authenticating functions(protocols) with respect to the IPSec.

The specification and drawings are, accordingly, to be regarded in anillustrative rather than a restrictive sense. It will, however, beevident that various modifications and changes may be made theretowithout departing from the spirit and scope of the invention(s) as setforth in the claims.

What is claimed is:
 1. A network system having a first virtual networkconfiguring a virtual network for each user which is connected to aterminal of the user, a plurality of machines on which applications tobe used from the terminal by the user operate, and a second virtualnetwork configuring a virtual network for each user which is connectedto the plurality of machines, the network system comprising: a machineallocation device that is connected to the first virtual network and thesecond virtual network, wherein the machine allocation device includes:a transfer processor that relays communication packets of the userbetween the first virtual network and the second virtual network; anaccess detector that detects an access from the user; a machineallocation manager that determines any one of the plurality of machines;a network manager that manages the network; a user service informationstorage unit that stores user service information including a servicestate indicative of an operating state of each application and a secondvirtual network identification information indicative of an identifierof each user over the second virtual network, in correspondence with apreset first virtual network identifier indicative of the identifier ofthe user over the first virtual network, a preset service identifier foridentifying each application providing a service to the user, and apreset service type indicative of each allocatable application; amachine allocation information storage unit that stores machineallocation information including a virtual machine identifier foridentifying a virtual machine on which the application operates and aservice identifier for identifying the application that operates on thevirtual machine, in correspondence with a preset machine identifier; arelay information storage unit that stores relay information includingan identification information on a second virtual network side, incorrespondence with an identification information on a first virtualnetwork side; and a second virtual network information storage unit thatstores the second virtual network identification information configuringa user virtual network over the second virtual network between themachine and the machine allocation device, wherein the transferprocessor detects a communication packet transmitted from the terminaland received through the first virtual network, the access detectordetects a start packet to be sent when starting the terminal from thereceived communication packet, determines the first virtual networkidentifier and the service type indicative of the application to be usedby the terminal according to information on the communication packet andthe start packet, and obtains the service state on the basis of thefirst virtual network identifier and the service type with reference tothe user service information, when the service state is non-allocated orstopping, the machine allocation manager determines the machine on whichthe determined application operates according to a predeterminedprocedure, and specifies the virtual machine on the determined machine,the network manager obtains non-allocated virtual network identificationinformation in one or a plurality of entries indicative of a connectionbetween the determined machine and the machine allocation device, withreference to the second virtual network information, the network manageradds the virtual network identification information to the one or theplurality of entries of the second virtual network information oranother entry of the second virtual network information, and updates thevirtual network identification information to configure the user virtualnetwork on the second virtual network, the machine allocation managerstarts the specified virtual machine on the machine, and operates theapplication, the machine allocation manager sets the virtual networkidentification information to the identification information on thesecond virtual network side corresponding to the first virtual networkidentifier with respect to the relay information and, for an entrycorresponding to the first virtual network identifier and the servicetype with respect to the user service information, sets the servicestate to be allocated or to be operating and sets the virtual networkidentification information to the second network identifier, and setsthe virtual machine identifier of the started virtual machine and theservice identifier with respect to the machine allocation information,and the transfer processor transfers the communication packet of theuser between the first virtual network and the second virtual network onthe basis of the relay information.